To demonstrate the problem more clearly, I have installed two Debian wheezy
virtual machines with exactly the same configuration placed on the same
network. The only difference is the kernel used. The test programs and the
results are shown below:
michael@server:~/src/misc$ cat initgroups.c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
void call(void) {
pid_t pid = fork();
if (pid) {
wait(NULL);
} else {
execl("/usr/bin/id", "id", NULL);
}
}
int main(void) {
struct passwd *pw = getpwnam("michael");
printf("pw_name=%s\npw_uid=%d\npw_gid=%d\n", pw->pw_name,
(int)pw->pw_uid, (int)pw->pw_gid);
call();
initgroups(pw->pw_name, pw->pw_gid);
call();
setgid(pw->pw_gid);
call();
setuid(pw->pw_uid);
call();
}
michael@server:~/src/misc$ cat setgroups.c
#include <unistd.h>
#include <grp.h>
#include <sys/wait.h>
void call(void) {
pid_t pid = fork();
if (pid) {
wait(NULL);
} else {
execl("/usr/bin/id", "id", NULL);
}
}
int main(void) {
call();
const gid_t gids[] = {1000, 27};
setgroups(sizeof gids / sizeof *gids, gids);
call();
}
michael@server:~/src/misc$ ssh -l root debian-wheezy-vm
root@debian-wheezy-vm's password:
Linux debian-wheezy-vm 3.2.0-4-amd64 #1 SMP Debian 3.2.35-2 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 14 15:07:09 2013
root@debian-wheezy-vm:~# ./initgroups
pw_name=michael
pw_uid=1000
pw_gid=1000
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root),27(sudo),1000(michael)
uid=0(root) gid=1000(michael) groups=0(root),27(sudo),1000(michael)
uid=1000(michael) gid=1000(michael) groups=1000(michael),27(sudo)
root@debian-wheezy-vm:~# ./setgroups
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root),27(sudo),1000(michael)
root@debian-wheezy-vm:~# logout
Connection to debian-wheezy-vm closed.
michael@server:~/src/misc$ ssh -l root debian-wheezy-kfreebsd-vm
root@debian-wheezy-kfreebsd-vm's password:
GNU/kFreeBSD debian-wheezy-kfreebsd-vm 9.0-2-amd64 #0 Sat Nov 24 04:44:27 UTC
2012 x86_64
The programs included with the Debian GNU/kFreeBSD system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/kFreeBSD comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 14 15:06:44 2013
root@debian-wheezy-kfreebsd-vm:~# ./initgroups
pw_name=michael
pw_uid=1000
pw_gid=1000
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) egid=27(sudo) groups=0(root),27(sudo),1000(michael)
uid=0(root) gid=1000(michael) groups=0(root),1000(michael)
uid=1000(michael) gid=1000(michael) groups=1000(michael)
root@debian-wheezy-kfreebsd-vm:~# ./setgroups
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) egid=1000(michael)
groups=0(root),1000(michael),27(sudo)
root@debian-wheezy-kfreebsd-vm:~# logout
Connection to debian-wheezy-kfreebsd-vm closed.
michael@server:~/src/misc$
As seen above, the setgroups system call in kFreeBSD behaves differently than
in Linux, which causes the bug.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
